@W-21933885: [MSDK Android] App Attestation Implementation (Automated Implementation Of New Tests In LoginViewModelTest.kt)

Author: JohnsonEricAtSalesforce

libs/SalesforceSDK/src/com/salesforce/androidsdk/ui/LoginViewModel.kt

@@ -467,7 +467,7 @@ open class LoginViewModel(val bootConfig: BootConfig) : ViewModel() {
         val codeChallenge = getSHA256Hash(codeVerifier)
 
         // Populate the additional parameter map with app attestation, if applicable.
-        SalesforceSDKManager.getInstance().appAttestationClient?.run {
+        sdkManager.appAttestationClient?.run {
             val challenge = fetchMobileAppAttestationChallenge()
             val attestation = createAppAttestation(challenge) ?: return@run
             additionalParams?.put(ATTESTATION, attestation)

libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/LoginViewModelTest.kt

@@ -41,6 +41,7 @@ import com.salesforce.androidsdk.config.OAuthConfig
 import com.salesforce.androidsdk.security.SalesforceKeyGenerator.getSHA256Hash
 import com.salesforce.androidsdk.ui.LoginActivity.Companion.ABOUT_BLANK
 import com.salesforce.androidsdk.ui.LoginViewModel
+import io.mockk.coEvery
 import io.mockk.coVerify
 import io.mockk.every
 import io.mockk.mockk
@@ -69,6 +70,10 @@ import java.net.URI
 private const val FAKE_SERVER_URL = "shouldMatchNothing.salesforce.com"
 private const val FAKE_JWT = "1234"
 private const val FAKE_JWT_FLOW_AUTH = "5678"
+private const val TEST_ATTESTATION_SERVER = "test.salesforce.com"
+private const val TEST_CHALLENGE_VALUE = "__TEST_CHALLENGE_VALUE__"
+private const val TEST_APP_ATTESTATION = "__TEST_APP_ATTESTATION__"
+private const val ATTESTATION_QUERY_PARAM_PREFIX = "attestation="
 
 @OptIn(ExperimentalCoroutinesApi::class)
 @RunWith(AndroidJUnit4::class)
@@ -373,6 +378,7 @@ class LoginViewModelTest {
                 scopes = listOf("api"),
             )
         }
+        every { sdkManagerMock.appAttestationClient } returns null
         val debugConsumerKey = "debug_override_key_789"
         val debugRedirectUri = "debug://redirect"
         val debugScopes = listOf("api", "debug_scope")
@@ -418,6 +424,7 @@ class LoginViewModelTest {
                 scopes = listOf("api"),
             )
         }
+        every { sdkManagerMock.appAttestationClient } returns null
         val debugConsumerKey = "debug_override_key_789"
         val debugRedirectUri = "debug://redirect"
         val debugScopes = listOf("api", "debug_scope")
@@ -674,6 +681,55 @@ class LoginViewModelTest {
         }
     }
 
+    @Test
+    fun getAuthorizationUrl_WithNullAppAttestationClient_OmitsAttestationParam() = runBlocking {
+        val sdkManagerMock = createSdkManagerMockForAttestation(appAttestationClient = null)
+        val freshViewModel = LoginViewModel(bootConfig)
+
+        val loginUrl = freshViewModel.getAuthorizationUrl(TEST_ATTESTATION_SERVER, sdkManagerMock)
+
+        assertFalse(
+            "URL should NOT contain an attestation parameter but was '$loginUrl'.",
+            loginUrl.contains(ATTESTATION_QUERY_PARAM_PREFIX),
+        )
+    }
+
+    @Test
+    fun getAuthorizationUrl_WithAppAttestationClient_IncludesAttestationParam() = runBlocking {
+        val appAttestationClient = createMockAppAttestationClient(attestation = TEST_APP_ATTESTATION)
+        val sdkManagerMock = createSdkManagerMockForAttestation(appAttestationClient = appAttestationClient)
+        val freshViewModel = LoginViewModel(bootConfig)
+
+        val loginUrl = freshViewModel.getAuthorizationUrl(TEST_ATTESTATION_SERVER, sdkManagerMock)
+
+        assertTrue(
+            "URL should contain '$ATTESTATION_QUERY_PARAM_PREFIX$TEST_APP_ATTESTATION' but was '$loginUrl'.",
+            loginUrl.contains("$ATTESTATION_QUERY_PARAM_PREFIX$TEST_APP_ATTESTATION"),
+        )
+        coVerify(exactly = 1) {
+            appAttestationClient.fetchMobileAppAttestationChallenge()
+            appAttestationClient.createAppAttestation(appAttestationChallenge = TEST_CHALLENGE_VALUE)
+        }
+    }
+
+    @Test
+    fun getAuthorizationUrl_WhenCreateAppAttestationReturnsNull_OmitsAttestationParam() = runBlocking {
+        val appAttestationClient = createMockAppAttestationClient(attestation = null)
+        val sdkManagerMock = createSdkManagerMockForAttestation(appAttestationClient = appAttestationClient)
+        val freshViewModel = LoginViewModel(bootConfig)
+
+        val loginUrl = freshViewModel.getAuthorizationUrl(TEST_ATTESTATION_SERVER, sdkManagerMock)
+
+        assertFalse(
+            "URL should NOT contain an attestation parameter but was '$loginUrl'.",
+            loginUrl.contains(ATTESTATION_QUERY_PARAM_PREFIX),
+        )
+        coVerify(exactly = 1) {
+            appAttestationClient.fetchMobileAppAttestationChallenge()
+            appAttestationClient.createAppAttestation(appAttestationChallenge = TEST_CHALLENGE_VALUE)
+        }
+    }
+
     @Test
     fun loginViewModel_applyPendingLoginServer_returns_onNullPendingLoginServer() {
 
@@ -1272,6 +1328,25 @@ class LoginViewModelTest {
         assertEquals(result, viewModel.getValidServerUrl(value))
     }
 
+    private fun createSdkManagerMockForAttestation(
+        appAttestationClient: AppAttestationClient?,
+    ): SalesforceSDKManager = mockk<SalesforceSDKManager>(relaxed = true).also { mock ->
+        every { mock.useHybridAuthentication } returns false
+        every { mock.isDebugBuild } returns false
+        every { mock.debugOverrideAppConfig } returns null
+        every { mock.appConfigForLoginHost } returns { _ -> null }
+        every { mock.appAttestationClient } returns appAttestationClient
+    }
+
+    private fun createMockAppAttestationClient(
+        attestation: String?,
+    ): AppAttestationClient = mockk<AppAttestationClient>(relaxed = true).also { client ->
+        every { client.fetchMobileAppAttestationChallenge() } returns TEST_CHALLENGE_VALUE
+        coEvery {
+            client.createAppAttestation(appAttestationChallenge = TEST_CHALLENGE_VALUE)
+        } returns attestation
+    }
+
     private fun generateExpectedAuthorizationUrl(
         server: String,
         codeChallenge: String,